Plants worldwide at risk of cyber attacks: researcher
Page 1 of 1 • Share
Plants worldwide at risk of cyber attacks: researcher
by Rao Muhammad Aftab Sun Sep 18, 2011 9:40 am
LAS VEGAS: Researchers warned on Wednesday that energy facilities and industrial plants of all kinds are vulnerable to destructive cyber attacks, in some cases with something as simple as a text message.
Frightening presentations at a prestigious Black Hat computer security conference were preceded by official alerts to energy producers detailing the weaknesses and urging steps be taken to beef up defenses.
"This is not just the United States, it is around the globe," said Tim Roxey, director of risk assessment at the North American Electric Reliability Corporation (NERC) responsible for enforcement of industry standards.
"If somebody really has you in their sites, they've got you," he said of the situation.
Black Hat presentations that triggered the NERC alerts revealed that "PLC" units that control basic factory functions ranging from turbines to valves or even sorting could be commandeered by hackers.
The point was to debunk myths of how it took a nation state with millions of dollars and teams of researchers to penetrate nuclear power plants in attacks by an infamous "Stuxnet" virus, according to NSS Labs security researcher Dillon Beresford.
Beresford described finding a way into PLCs made by Germany-based Siemens AG in a matter of weeks working in his bedroom.
A Siemens representative that took part in the presentation said the company has been working with researchers on the situation.
"It is not only nation states that have this capability, it is now in the hands of researchers and will inevitably get into malicious hands," Beresford said.
"It could be some lone hacker," he continued. "Most people with the time and resources could pull this off."
Cyber attackers would need to get access to machines, which was said to be less daunting than it sounded, according to Beresford.
Research presented by iSEC Partners security consultant Don Bailey showed
that mobile Internet connection cards used in some PLCs in remote locations
could be given commands by text messages, provided the senders knew the numbers assigned to cards.
"We can talk about vulnerabilities in PLCs, GSM (mobile networks), or my socks," Bailey said.
"But the talk has to be about the cost, and machine-to-machine communications exploding in the GSM world," he continued.
Computers insulated from the internet by "air gaps" could find defenses breached by mobile connection cards used for long-distance monitoring or links to sensors that feed information to the Internet, according to Bailey's research. (AFP)
Frightening presentations at a prestigious Black Hat computer security conference were preceded by official alerts to energy producers detailing the weaknesses and urging steps be taken to beef up defenses.
"This is not just the United States, it is around the globe," said Tim Roxey, director of risk assessment at the North American Electric Reliability Corporation (NERC) responsible for enforcement of industry standards.
"If somebody really has you in their sites, they've got you," he said of the situation.
Black Hat presentations that triggered the NERC alerts revealed that "PLC" units that control basic factory functions ranging from turbines to valves or even sorting could be commandeered by hackers.
The point was to debunk myths of how it took a nation state with millions of dollars and teams of researchers to penetrate nuclear power plants in attacks by an infamous "Stuxnet" virus, according to NSS Labs security researcher Dillon Beresford.
Beresford described finding a way into PLCs made by Germany-based Siemens AG in a matter of weeks working in his bedroom.
A Siemens representative that took part in the presentation said the company has been working with researchers on the situation.
"It is not only nation states that have this capability, it is now in the hands of researchers and will inevitably get into malicious hands," Beresford said.
"It could be some lone hacker," he continued. "Most people with the time and resources could pull this off."
Cyber attackers would need to get access to machines, which was said to be less daunting than it sounded, according to Beresford.
Research presented by iSEC Partners security consultant Don Bailey showed
that mobile Internet connection cards used in some PLCs in remote locations
could be given commands by text messages, provided the senders knew the numbers assigned to cards.
"We can talk about vulnerabilities in PLCs, GSM (mobile networks), or my socks," Bailey said.
"But the talk has to be about the cost, and machine-to-machine communications exploding in the GSM world," he continued.
Computers insulated from the internet by "air gaps" could find defenses breached by mobile connection cards used for long-distance monitoring or links to sensors that feed information to the Internet, according to Bailey's research. (AFP)
Rao Muhammad Aftab- Monstars
-
Posts : 1091
Join date : 2011-02-11
Age : 35
Similar topics» Cyber attacks also targeted Gmail rivals
» Plants clean air pollution better than expected
» All options open in cyber-attack: Pentagon
» White House Admits Cyber Attack, Says No Data Lost
» 25 killed in attacks in northern Nigeria
» Plants clean air pollution better than expected
» All options open in cyber-attack: Pentagon
» White House Admits Cyber Attack, Says No Data Lost
» 25 killed in attacks in northern Nigeria
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum|
|
|
» house disrepair claims
» Bounce n Bang: Physics puzzler
» AIChatSY - AIChatbot Assistant
» Storybook Magic App
» Flower Book Match3 Puzzle Game
» Avian Influenza Symptom in Chickens "Bird Flu H5N1 Virus" Vet learning materials, Poultry Farming
» Aloha Planner - Note-Taker
» Streaming Guide Film TV Series